added method to update bearer token

Author: chernser

client-v2/src/main/java/com/clickhouse/client/api/Client.java

@@ -117,7 +117,6 @@
  *          ...
  *      }
  *  }
- *
  * }
  *
  *
@@ -131,6 +130,9 @@ public class Client implements AutoCloseable {
 
     private final Set<String> endpoints;
     private final Map<String, String> configuration;
+
+    private final Map<String, String> readOnlyConfig;
+
     private final List<ClickHouseNode> serverNodes = new ArrayList<>();
 
     // POJO serializer mapping (class -> (schema -> (format -> serializer)))
@@ -154,10 +156,10 @@ public class Client implements AutoCloseable {
     private final ColumnToMethodMatchingStrategy columnToMethodMatchingStrategy;
 
     private Client(Set<String> endpoints, Map<String,String> configuration, boolean useNewImplementation,
-                   ExecutorService sharedOperationExecutor, ColumnToMethodMatchingStrategy columnToMethodMatchingStrategy,
-                   Supplier<String> bearerTokenSupplier) {
+                   ExecutorService sharedOperationExecutor, ColumnToMethodMatchingStrategy columnToMethodMatchingStrategy) {
         this.endpoints = endpoints;
         this.configuration = configuration;
+        this.readOnlyConfig = Collections.unmodifiableMap(this.configuration);
         this.endpoints.forEach(endpoint -> {
             this.serverNodes.add(ClickHouseNode.of(endpoint, this.configuration));
         });
@@ -172,7 +174,7 @@ private Client(Set<String> endpoints, Map<String,String> configuration, boolean
         }
         this.useNewImplementation = useNewImplementation;
         if (useNewImplementation) {
-            this.httpClientHelper = new HttpAPIClientHelper(configuration, bearerTokenSupplier);
+            this.httpClientHelper = new HttpAPIClientHelper(configuration);
             LOG.info("Using new http client implementation");
         } else {
             this.oldClient = ClientV1AdaptorHelper.createClient(configuration);
@@ -226,8 +228,6 @@ public static class Builder {
         private ExecutorService sharedOperationExecutor = null;
         private ColumnToMethodMatchingStrategy columnToMethodMatchingStrategy;
 
-        private Supplier<String> bearerTokenSupplier = null;
-
         public Builder() {
             this.endpoints = new HashSet<>();
             this.configuration = new HashMap<String, String>();
@@ -855,7 +855,7 @@ public Builder allowBinaryReaderToReuseBuffers(boolean reuse) {
          * @return same instance of the builder
          */
         public Builder httpHeader(String key, String value) {
-            this.configuration.put(ClientConfigProperties.HTTP_HEADER_PREFIX + key.toUpperCase(Locale.US), value);
+            this.configuration.put(ClientConfigProperties.httpHeader(key), value);
             return this;
         }
 
@@ -866,7 +866,7 @@ public Builder httpHeader(String key, String value) {
          * @return same instance of the builder
          */
         public Builder httpHeader(String key, Collection<String> values) {
-            this.configuration.put(ClientConfigProperties.HTTP_HEADER_PREFIX + key.toUpperCase(Locale.US), ClientConfigProperties.commaSeparated(values));
+            this.configuration.put(ClientConfigProperties.httpHeader(key), ClientConfigProperties.commaSeparated(values));
             return this;
         }
 
@@ -965,21 +965,8 @@ public Builder setOptions(Map<String, String> options) {
          * @return same instance of the builder
          */
         public Builder useBearerTokenAuth(String bearerToken) {
-            this.httpHeader("Authorization", "Bearer " + bearerToken);
-            return this;
-        }
-
-        /**
-         * Specifies a supplier for a bearer tokens. It is useful when token should be refreshed.
-         * Supplier is called each time before sending a request.
-         * Supplier should return encoded token.
-         * This configuration cannot be used with {@link #useBearerTokenAuth(String)}.
-         *
-         * @param tokenSupplier - token supplier
-         * @return
-         */
-        public Builder useBearerTokenAuth(Supplier<String> tokenSupplier) {
-            this.bearerTokenSupplier = tokenSupplier;
+            // Most JWT libraries (https://jwt.io/libraries?language=Java) compact tokens in proper way
+            this.httpHeader(HttpHeaders.AUTHORIZATION, "Bearer " + bearerToken);
             return this;
         }
 
@@ -994,8 +981,7 @@ public Client build() {
             if (!this.configuration.containsKey("access_token") &&
                 (!this.configuration.containsKey("user") || !this.configuration.containsKey("password")) &&
                 !MapUtils.getFlag(this.configuration, "ssl_authentication", false) &&
-                !this.configuration.containsKey(ClientConfigProperties.HTTP_HEADER_PREFIX + "Authorization") &&
-                this.bearerTokenSupplier == null) {
+                !this.configuration.containsKey(ClientConfigProperties.httpHeader(HttpHeaders.AUTHORIZATION))) {
                 throw new IllegalArgumentException("Username and password (or access token or SSL authentication or pre-define Authorization header) are required");
             }
 
@@ -1004,11 +990,6 @@ public Client build() {
                 throw new IllegalArgumentException("Only one of password, access token or SSL authentication can be used per client.");
             }
 
-            if (this.configuration.containsKey(ClientConfigProperties.HTTP_HEADER_PREFIX + "Authorization") &&
-                this.bearerTokenSupplier != null) {
-                throw new IllegalArgumentException("Bearer token supplier cannot be used with a predefined Authorization header");
-            }
-
             if (this.configuration.containsKey("ssl_authentication") &&
                 !this.configuration.containsKey(ClientConfigProperties.SSL_CERTIFICATE.getKey())) {
                 throw new IllegalArgumentException("SSL authentication requires a client certificate");
@@ -1047,15 +1028,8 @@ public Client build() {
                 throw new IllegalArgumentException("Nor server timezone nor specific timezone is set");
             }
 
-            // check for only new implementation configuration
-            if (!this.useNewImplementation) {
-                if (this.bearerTokenSupplier != null) {
-                    throw new IllegalArgumentException("Bearer token supplier cannot be used with old implementation");
-                }
-            }
-
             return new Client(this.endpoints, this.configuration, this.useNewImplementation, this.sharedOperationExecutor,
-                this.columnToMethodMatchingStrategy, this.bearerTokenSupplier);
+                this.columnToMethodMatchingStrategy);
         }
 
         private static final int DEFAULT_NETWORK_BUFFER_SIZE = 300_000;
@@ -2147,7 +2121,7 @@ public String toString() {
      * @return - configuration options
      */
     public Map<String, String> getConfiguration() {
-        return Collections.unmodifiableMap(configuration);
+        return readOnlyConfig;
     }
 
     /** Returns operation timeout in seconds */
@@ -2194,6 +2168,10 @@ public Collection<String> getDBRoles() {
         return unmodifiableDbRolesView;
     }
 
+    public void updateBearerToken(String bearer) {
+        this.configuration.put(ClientConfigProperties.httpHeader(HttpHeaders.AUTHORIZATION), "Bearer " + bearer);
+    }
+
     private ClickHouseNode getNextAliveNode() {
         return serverNodes.get(0);
     }

client-v2/src/main/java/com/clickhouse/client/api/ClientConfigProperties.java

@@ -4,6 +4,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.stream.Collectors;
 
 /**
@@ -157,6 +158,10 @@ public static String serverSetting(String key) {
         return SERVER_SETTING_PREFIX + key;
     }
 
+    public static String httpHeader(String key) {
+        return HTTP_HEADER_PREFIX + key.toUpperCase(Locale.US);
+    }
+
     public static String commaSeparated(Collection<?> values) {
         StringBuilder sb = new StringBuilder();
         for (Object value : values) {

client-v2/src/main/java/com/clickhouse/client/api/ServerException.java

@@ -7,12 +7,34 @@ public class ServerException extends RuntimeException {
     public static final int TABLE_NOT_FOUND = 60;
 
     private final int code;
+
+    private final int transportProtocolCode;
+
     public ServerException(int code, String message) {
+        this(code, message, 500);
+    }
+
+    public ServerException(int code, String message, int transportProtocolCode) {
         super(message);
         this.code = code;
+        this.transportProtocolCode = transportProtocolCode;
     }
 
+    /**
+     * Returns CH server error code. May return 0 if code is unknown.
+     * @return - error code from server response
+     */
     public int getCode() {
         return code;
     }
+
+    /**
+     * Returns error code of underlying transport protocol. For example, HTTP status.
+     * By default, will return {@code 500 } what is derived from HTTP Server Internal Error.
+     *
+     * @return - transport status code
+     */
+    public int getTransportProtocolCode() {
+        return transportProtocolCode;
+    }
 }

client-v2/src/main/java/com/clickhouse/client/api/internal/HttpAPIClientHelper.java

@@ -94,12 +94,9 @@ public class HttpAPIClientHelper {
 
     private String httpClientUserAgentPart;
 
-    private final Supplier<String> bearerTokenSupplier;
-
-    public HttpAPIClientHelper(Map<String, String> configuration, Supplier<String> bearerTokenSupplier) {
+    public HttpAPIClientHelper(Map<String, String> configuration) {
         this.chConfiguration = configuration;
         this.httpClient = createHttpClient();
-        this.bearerTokenSupplier = bearerTokenSupplier;
 
         this.httpClientUserAgentPart = this.httpClient.getClass().getPackage().getImplementationTitle() + "/" + this.httpClient.getClass().getPackage().getImplementationVersion();
 
@@ -339,10 +336,13 @@ public Exception readError(ClassicHttpResponse httpResponse) {
 
             String msg = msgBuilder.toString().replaceAll("\\s+", " ").replaceAll("\\\\n", " ")
                     .replaceAll("\\\\/", "/");
-            return new ServerException(serverCode, msg);
+            if (msg.trim().isEmpty()) {
+                msg = String.format(ERROR_CODE_PREFIX_PATTERN, serverCode) + " <Unreadable error message> (transport error: " + httpResponse.getCode() + ")";
+            }
+            return new ServerException(serverCode, msg, httpResponse.getCode());
         } catch (Exception e) {
             LOG.error("Failed to read error message", e);
-            return new ServerException(serverCode, String.format(ERROR_CODE_PREFIX_PATTERN, serverCode) + " <Unreadable error message>");
+            return new ServerException(serverCode, String.format(ERROR_CODE_PREFIX_PATTERN, serverCode) + " <Unreadable error message> (transport error: " + httpResponse.getCode() + ")", httpResponse.getCode());
         }
     }
 
@@ -427,8 +427,6 @@ private void addHeaders(HttpPost req, Map<String, String> chConfig, Map<String,
         if (MapUtils.getFlag(chConfig, "ssl_authentication", false)) {
             req.addHeader(ClickHouseHttpProto.HEADER_DB_USER, chConfig.get(ClientConfigProperties.USER.getKey()));
             req.addHeader(ClickHouseHttpProto.HEADER_SSL_CERT_AUTH, "on");
-        } else if (bearerTokenSupplier != null) {
-            req.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + bearerTokenSupplier.get());
         } else if (chConfig.getOrDefault(ClientConfigProperties.HTTP_USE_BASIC_AUTH.getKey(), "true").equalsIgnoreCase("true")) {
             req.addHeader(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString(
                     (chConfig.get(ClientConfigProperties.USER.getKey()) + ":" + chConfig.get(ClientConfigProperties.PASSWORD.getKey())).getBytes(StandardCharsets.UTF_8)));
@@ -456,12 +454,12 @@ private void addHeaders(HttpPost req, Map<String, String> chConfig, Map<String,
 
         for (Map.Entry<String, String> entry : chConfig.entrySet()) {
             if (entry.getKey().startsWith(ClientConfigProperties.HTTP_HEADER_PREFIX)) {
-                req.addHeader(entry.getKey().substring(ClientConfigProperties.HTTP_HEADER_PREFIX.length()), entry.getValue());
+                req.setHeader(entry.getKey().substring(ClientConfigProperties.HTTP_HEADER_PREFIX.length()), entry.getValue());
             }
         }
         for (Map.Entry<String, Object> entry : requestConfig.entrySet()) {
             if (entry.getKey().startsWith(ClientConfigProperties.HTTP_HEADER_PREFIX)) {
-                req.addHeader(entry.getKey().substring(ClientConfigProperties.HTTP_HEADER_PREFIX.length()), entry.getValue().toString());
+                req.setHeader(entry.getKey().substring(ClientConfigProperties.HTTP_HEADER_PREFIX.length()), entry.getValue().toString());
             }
         }
 

client-v2/src/test/java/com/clickhouse/client/HttpTransportTests.java

@@ -809,6 +809,7 @@ public void testBearerTokenAuth() throws Exception {
                 .reduce((s1, s2) -> s1 + "." + s2).get();
         try (Client client = new Client.Builder().addEndpoint(Protocol.HTTP, "localhost", mockServer.port(), false)
                 .useBearerTokenAuth(jwtToken1)
+                .compressServerResponse(false)
                 .build()) {
 
             mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
@@ -828,37 +829,38 @@ public void testBearerTokenAuth() throws Exception {
                         new String[]{"header2", "payload2", "signature2"})
                 .map(s -> Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8)))
                 .reduce((s1, s2) -> s1 + "." + s2).get();
-        final AtomicInteger callCount = new AtomicInteger(0);
-        Supplier<String> tokenSupplier = () -> {
-            callCount.incrementAndGet();
-            return jwtToken2;
-        };
-
+        
+        mockServer.resetAll();
         mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
-                .withHeader("Authorization", WireMock.equalTo("Bearer " + jwtToken2))
+                .withHeader("Authorization", WireMock.equalTo("Bearer " + jwtToken1))
                 .willReturn(WireMock.aResponse()
-                        .withHeader("X-ClickHouse-Summary",
-                                "{ \"read_bytes\": \"10\", \"read_rows\": \"1\"}")).build());
+                        .withStatus(HttpStatus.SC_UNAUTHORIZED))
+                .build());
 
         try (Client client = new Client.Builder().addEndpoint(Protocol.HTTP, "localhost", mockServer.port(), false)
-                .useBearerTokenAuth(tokenSupplier)
+                .useBearerTokenAuth(jwtToken1)
+                .compressServerResponse(false)
                 .build()) {
 
-            for (int i = 0; i < 3; i++ ) {
-
-                try (QueryResponse response = client.query("SELECT 1").get(1, TimeUnit.SECONDS)) {
-                    Assert.assertEquals(response.getReadBytes(), 10);
-                } catch (Exception e) {
-                    Assert.fail("Unexpected exception", e);
-                }
+            try {
+                client.execute("SELECT 1").get();
+                fail("Exception expected");
+            } catch (ServerException e) {
+                Assert.assertEquals(e.getTransportProtocolCode(), HttpStatus.SC_UNAUTHORIZED);
             }
-        }
 
-        assertEquals(callCount.get(), 3);
+            mockServer.resetAll();
+            mockServer.addStubMapping(WireMock.post(WireMock.anyUrl())
+                    .withHeader("Authorization", WireMock.equalTo("Bearer " + jwtToken2))
+                    .willReturn(WireMock.aResponse()
+                            .withHeader("X-ClickHouse-Summary",
+                                    "{ \"read_bytes\": \"10\", \"read_rows\": \"1\"}"))
 
-        assertThrows(IllegalArgumentException.class, () -> {
-            new Client.Builder().useBearerTokenAuth("token")
-                    .useBearerTokenAuth(() -> "token2").build();
-        });
+                    .build());
+
+            client.updateBearerToken(jwtToken2);
+
+            client.execute("SELECT 1").get();
+        }
     }
 }